Cisco announced that IOS XR Software version 4.3.1 contains a vulnerability that could result in a denial of service (DoS) condition if exploited.
Cisco IOS XR Software version 4.3.1 does not release the memory allocated for UDP packets when the UDP queues are full. A remote, unauthenticated attacker who floods the device with UDP packets can therefore exhaust all available memory and cause a denial of service. Only traffic directed at UDP services listening on the device itself triggers the problem; transit traffic does not.
A device under attack logs the following warning:
%PKT_INFRA-PAKWATCH-4-DEPLETION_WARNING : Depletion level <value> percent for resource PAK FSV
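One way to turn that warning into a detection, as an added example that is not part of the original advisory: parse collected IOS XR syslog for the PAKWATCH message, pull out the depletion percentage, and classify the log as critical (threshold reached) or rising (depletion climbing across consecutive warnings, the pattern a sustained flood produces). The syslog prefix on the sample lines (timestamp, process name) and the threshold values are assumptions; the sample lines are constructed, not captured from a device.

```python
import re

# Message body comes from the advisory text; the surrounding syslog prefix
# is an assumed format and may differ on a real device.
DEPLETION_RE = re.compile(
    r"%PKT_INFRA-PAKWATCH-4-DEPLETION_WARNING\s*:\s*"
    r"Depletion level (?P<level>\d+) percent for resource (?P<resource>.+?)\s*$"
)

# Constructed sample log lines (not real device output).
SAMPLE_LOG = """\
RP/0/RSP0/CPU0:Jun 10 09:12:01.110 : ntpd[264]: %IP-3-NTP_SYNC : clock unsynchronised
RP/0/RSP0/CPU0:Jun 10 09:12:05.003 : pakwatch[301]: %PKT_INFRA-PAKWATCH-4-DEPLETION_WARNING : Depletion level 60 percent for resource PAK FSV
RP/0/RSP0/CPU0:Jun 10 09:12:35.221 : pakwatch[301]: %PKT_INFRA-PAKWATCH-4-DEPLETION_WARNING : Depletion level 75 percent for resource PAK FSV
RP/0/RSP0/CPU0:Jun 10 09:13:05.450 : pakwatch[301]: %PKT_INFRA-PAKWATCH-4-DEPLETION_WARNING : Depletion level 90 percent for resource PAK FSV
"""


def parse_depletion_warnings(log_text):
    """Return (level, resource) for every PAKWATCH depletion warning found."""
    hits = []
    for line in log_text.splitlines():
        m = DEPLETION_RE.search(line)
        if m:
            hits.append((int(m.group("level")), m.group("resource")))
    return hits


def assess(log_text, threshold=80, rising_steps=3):
    """Classify a log for the PAK FSV resource named in the advisory.

    'critical' if any warning reaches threshold, 'rising' if the last
    rising_steps warnings strictly increase, 'info' if warnings exist but
    neither condition holds, 'ok' if no warnings are present.
    """
    levels = [lvl for lvl, res in parse_depletion_warnings(log_text) if res == "PAK FSV"]
    if not levels:
        return "ok"
    if max(levels) >= threshold:
        return "critical"
    tail = levels[-rising_steps:]
    if len(tail) == rising_steps and all(a < b for a, b in zip(tail, tail[1:])):
        return "rising"
    return "info"


if __name__ == "__main__":
    print(parse_depletion_warnings(SAMPLE_LOG))
    print(assess(SAMPLE_LOG))  # critical
```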
Devices running UDP listening services are vulnerable. Configurations that use UDP services are as follows:
- Simple Network Management Protocol (SNMP) – UDP ports 161 and 162
- Network Time Protocol (NTP) – UDP port 123
- Label Distribution Protocol (LDP) – UDP port 646
- Syslog – UDP port 514
This vulnerability affects Cisco IOS XR Software version 4.3.1 installed on any supported hardware device.
Cisco has released free software updates that address this vulnerability. For more information, see Cisco’s security advisory.